# generated from amavisd.conf.tt2 on entry1 by osf-genconf2 (14.7.06)

use strict;

# Configuration file for amavisd-new
#
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.

#Sections:
# Section I    - Essential daemon and MTA settings
# Section II   - MTA specific
# Section III  - Logging
# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI   - Resource limits
# Section VII  - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
# Section IX   - Policy banks (dynamic policy switching)

#GENERAL NOTES:
#  This file is a normal Perl code, interpreted by Perl itself.
#  - make sure this file (or directory where it resides) is NOT WRITABLE
#    by mere mortals (not even vscan/amavis; best to make it owned by root),
#    otherwise it represents a severe security risk!
#  - for values which are interpreted as booleans, it is recommended
#    to use 1 for true, and 0 or undef or '' for false.
#    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,
#    now it means true, like any nonempty string does!
#  - Perl syntax applies. Most notably: strings in "" may include variables
#    (which start with $ or @); to include characters @ and $ in double
#    quoted strings, precede them by a backslash; in single-quoted strings
#    the $ and @ lose their special meaning, so it is usually easier to use
#    single quoted strings (or qw operator) for e-mail addresses.
#    Still, in both cases a backslash needs to be doubled.
#  - variables with names starting with a '@' are lists, the values assigned
#    to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
#    note the comma-separation and parenthesis. If strings in the list
#    do not contain spaces nor variables, a Perl operator qw() may be used
#    as a shorthand to split its argument on whitespace and produce a list
#    of strings, e.g. qw( one@foo example.com three );  Note that the argument
#    to qw is quoted implicitly and no variable interpretation is done within
#    (no '$' variable evaluations). The #-initiated comments can NOT be used
#    within a string. In other words, $ and # lose their special meaning
#    within a qw argument, just like within '...' strings.
#  - all e-mail addresses in this file and as used internally by the daemon
#    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. 
#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
#  - the term 'default value' in examples below refers to the value of a
#    variable pre-assigned to it by the program; any explicit assignment
#    to a variable in this configuration file overrides the default value;


#
# Section I - Essential daemon and MTA settings
#


# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
#$mydomain = 'example.com';      # (no useful default)
$mydomain = 'lists.debian.org';

# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
$MYHOME = '/var/lib/amavis/';   # (default is '/var/amavis')

$ENV{'PATH'} = '/bin:/usr/bin:/sbin/:/usr/local/sbin/:/usr/sbin'; #untaint path
$myhostname = 'lists.debian.org';  # fqdn of this host, default by uname(3)
$myhostname = $1 if $myhostname =~ /^(.+)$/;


# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user  = 'amavis';	# (no default;  customary: vscan or amavis)
$daemon_group = 'amavis';	# (no default;  customary: vscan or amavis)

# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?

#$db_home = "$MYHOME/db";	# DB databases directory, default "$MYHOME/db"

# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME;	# (defaults to $MYHOME)

# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)

$pid_file  = "/var/run/amavis/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
#...

# Net::Server pre-forking settings
# You may want $max_servers to match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
#
$max_servers  =  8;   # number of pre-forked children          (default 2)
$max_requests = 100;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete each task in n sec
                      # (default: 8*60 seconds)

@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
#=> will be overwritten in policybanks


# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
#   (used with amavis helper clients like amavis-milter.c and amavis.c,
#   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef;        # disable listening on a unix socket
                                  # (default is undef, i.e. disabled)
                                  # (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
#$inet_socket_port = 10024;        # accept SMTP on this local TCP port
$inet_socket_port = [ 2525, 61000 ];

                                  # (default is undef, i.e. disabled)
#=>configured per domain 
		
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                  # (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ::1 70.103.162.31 );  # allow SMTP access only from localhost IP
                                  # (default is qw(127.0.0.1 ::1) )


# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks. It is much like the Postfix
# parameter 'mynetworks' in semantics and similar in syntax, and its value
# should normally match the Postfix counterpart. It only affects the value
# of a macro %l (=sender-is-local), and the loading of policy 'MYNETS' if
# present (see below). Note that '-o smtp_send_xforward_command=yes' (or its
# lmtp counterpart) must be enabled in the Postfix service that feeds amavisd,
# otherwise client IP address is not available to amavisd-new.
#
@mynetworks = qw (      127.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  

#   qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default


#
# Section III - Logging
#

# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
$DO_SYSLOG = 1;                   # (defaults to false)
#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')

# Log file (if not using syslog)
$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 2;		  # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .

# $log_templ = undef;      # disable by-message level-0 log entries
$log_recip_templ = undef;  # disable by-recipient level-0 log entries


$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';



#
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
#

#sender template
#$notify_sender_templ      = read_text('/etc/amavis-multi/templatesnotify_sender.txt', 'iso-8859-1');
#notify virus admin temoplate
#$notify_virus_admin_templ = read_text('/etc/amavis-multi/notify_virus_admin.txt', 'iso-8859-1');
#same for spam
#$notify_spam_admin_templ  = read_text('/etc/amavis-multi/notify_spam_admin.txt', 'iso-8859-1');

#our $credativ_domain_contact;
# $notify_spam_admin_templ  = read_text('/etc/amavis-multi/templates/template-spam-admin.txt', 'iso-8859-1');


#$notify_virus_recips_templ =
#'Date: %d
#From: %f
#Subject: [? %#V |[? %#F ||E-MAIL AUFGRUND BLOCKREGEL BLOCKIERT / MAIL BLOCKED DUE TO BLOCKING RULE]|DWD-CSG FAND VIRUS IN E-MAIL AN SIE / DWD-CSG FOUND VIRUS
#To: [? %#T |undisclosed-recipients: ;|[<%T>|, ]]
#[? %#C |#|Cc: [<%C>|, ]]
#Message-ID: <VR%n@%h>


#Der DWD Content Security Gateway fand [? %#V |[? %#F ||zu blockierende Inhalte ]|Viren]
#in einer E-Mail an Sie [? %o |von einem unbekannten Absender.|von: %o]
#[? %#V |[? %#F ||Blockierte Datei/Dateien vom Typ:] %F|Virus/Viren mit der Bezeichnung: %V]
#
#[? %q |Keine Quarant�ne.|Die E-Mail wurde in die Quarant�ne geschoben,
#Adresse: %q]
#
#Die Betreffzeile der Mail lautete: [ %j ]
#
#Diese Nachricht wurde generiert am/um: [ %d ]
#
#Sollten Sie weitere Fragen haben oder die geblockte E-Mail dringend
#ben�tigen, so leiten Sie bitte diese Benachrichtigung zusammen mit einer
#entsprechenden Begr�ndung weiter an: ' . ($credativ_domain_contact || '') . '
#
#In allen anderen F�llen brauchen Sie nichts zu unternehmen.
#
#Ihre E-Mail Administration
#
#****************************************************************
#
#The DWD Content Security Gateway has found [? %#V |[? %#F ||banned Names]|a virus]
#in an e-mail to you from: [? %o |unknown sender.| %o]
#[? %#V |[? %#F ||Banned File(s):] %F|Virus: %V]
#
#The subject was: [ %j ]
#
#[? %q |No quarantine.|This message has been quarantined,
#address: %q]
#
#Message generated at: [ %d ]
#
#For further assistance or in case you urgently need the blocked email,
#please forward this notification together with your motivation to: ' . ($credativ_domain_contact || '') . '
#
#In all other cases no further action is required.
#
#Your E-Mail Administration
#'; # end $notify_virus_recips_templ TODO Switch to policybank!!




# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
#
#   bypass_virus_checks set for all recipients? ==> PASS
#   no viruses?   ==> PASS
#   log virus     if $log_templ is nonempty
#   quarantine    if $virus_quarantine_to is nonempty
#   notify admin  if $virus_admin (lookup) nonempty
#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
#   add address extensions for local recipients (when enabled)
#   send (non-)delivery notifications
#      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
#   virus_lovers or final_destiny==D_PASS  ==> PASS
#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
#
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.

# The following symbolic constants can be used in *destiny settings:
#
# D_PASS     mail will pass to recipients, regardless of bad contents;
#
# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
#            notified. Effectively we lose mail (but will be quarantined
#            unless disabled). Losing mail is not decent for a mailer,
#            but might be desired.
#
# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
#            notification (bounce) will be sent to the sender by amavisd-new;
#            Exception: bounce (DSN) will not be sent if a virus name matches
#            $viruses_that_fake_sender_re, or to messages from mailing lists
#            (Precedence: bulk|list|junk);
#
# D_REJECT   mail will not be delivered to its recipients, sender should
#            preferably get a reject, e.g. SMTP permanent reject response
#            (e.g. with milter), or non-delivery notification from MTA
#            (e.g. Postfix). If this is not possible (e.g. different recipients
#            have different tolerances to bad mail contents and not using LMTP)
#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
#
# Notes:
#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
#            for informing the sender about non-delivery, and how informative
#            the notification can be (amavisd-new knows more than MTA);
#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
#            notification, colloquially called 'bounce') - depending on MTA;
#            Best suited for sendmail milter, especially for spam.
#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
#            reason for mail non-delivery, but unable to reject the original
#            SMTP session). Best suited to reporting viruses, and for Postfix
#            and other dual-MTA setups, which can't reject original client SMTP
#            session, as the mail has already been enqueued.

$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted mail headers;
# - use D_DISCARD, if kill_level is set safely high;
# - use D_BOUNCE instead of D_REJECT if not using milter;
#
# D_BOUNCE is preferred for viruses, but consider:
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
#   virus storm;
#
# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
# to D_BOUNCE.
#
# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
# and D_PASS made settings $warnvirussender and $warnspamsender only still
# useful with D_PASS.

# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification anyway.

# Notify virus sender?
#$warnvirussender = 1;	# (defaults to false (undef))

# Notify spam sender?
#$warnspamsender = 1;	# (defaults to false (undef))

# Notify sender of banned files?
#$warnbannedsender = 1;	# (defaults to false (undef))

# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1;	# (defaults to false (undef))

# Notify virus (or banned files or bad headers) RECIPIENT?
#  (not very useful, but some policies demand it)
#$warnvirusrecip = 1;	# (defaults to false (undef))
#$warnbannedrecip = 1;	# (defaults to false (undef))
#$warnbadhrecip = 1;	# (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?
#  (including those not matching local_domains*)
#$warn_offsite = 1;	# (defaults to false (undef), i.e. only notify locals)


# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax, check also README.policy-on-notifications
#
@viruses_that_fake_sender_maps = (new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
  [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
  #[qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
));

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator address may be a simple fixed e-mail address (a scalar),
#   or may depend on the SENDER address (e.g. its domain), in which case
#   a ref to a hash table can be specified (specify lower-cased keys,
#   dot is a catchall, see README.lookups).
#
#   Empty or undef lookup disables virus admin notifications.

#$virus_admin = "virusalert\@$mydomain";
#=> configured per domain

# $virus_admin = 'virus-admin@example.com';
# $virus_admin = undef;   # do not send virus admin notifications (default)
#
#@virus_admin_maps = (    # by-sender maps
#  {'not.example.com'=>'', '.'=>'virusalert@example.com'},
#  $virus_admin,   # the usual default
#);

# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
$spam_admin = undef;    # do not send spam admin notifications (default)
#@spam_admin_maps = (     # by-sender maps
#  {'not.example.com'=>'', '.'=>'spamalert@example.com'},
#  $spam_admin,   # the usual default
#);

# whom notification reports are sent from (ENVELOPE SENDER);
# may be a null reverse path, or a fully qualified address:
#   (admin and recip sender addresses default to a null return path)
#   If using strings in double quotes, don't forget to quote @, i.e. \@
#
$mailfrom_notify_admin     = '';
$mailfrom_notify_recip     = '';
$mailfrom_notify_spamadmin = '';

# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope return address
# and should be empty (null reverse path) according to rfc2821.
#
# The syntax of the 'From' header field is specified in rfc2822, section
# '3.4. Address Specification'. Note in particular that display-name must be
# a quoted-string if it contains any special characters like spaces and dots.
#
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
#   (all default to: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")

# whom quarantined messages appear to be sent from (envelope sender);
# keeps original sender if undef, or set it explicitly, default is undef
$mailfrom_to_quarantine = '';   # override sender address with null return path

# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)

#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar
#$virus_quarantine_to = 'virus-quarantine@example.com';  # similar
#$virus_quarantine_to = undef;                 # no quarantine
#
#@virus_quarantine_to_maps = (   # per-recip multiple quarantines
#  new_RE( [qr'^user@example\.com$'i => 'infected@'],
#          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
#          [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'] ),
#  $virus_quarantine_to,  # the usual default
#);

# similar for banned names and bad headers and spam (set to undef to disable)
#$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
#$spam_quarantine_to       = 'spam-quarantine';       # local quarantine
#=>configured per domain 


# Add X-Virus-Scanned header field to mail?
#$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
# Leave empty to add no header field	# (default: undef)
#$X_HEADER_LINE = "by amavisd-new at $mydomain";
#=>configured per domain


# a string to prepend to Subject (for local recipients only) if mail could
# not be decoded or checked entirely, e.g. due to password-protected archives
$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

# MIME defanging wraps the entire original mail in a MIME container of type
# 'Content-type: multipart/mixed', where the first part is a text/plain with
# a short explanation, and the second part is a complete original mail,
# enclosed in a 'Content-type: message/rfc822' MIME part.
# Defanging is only done when enabled (selectively by malware type)
# and the malware is allowed to pass (*_lovers or *_destiny=D_PASS)
#
$defang_virus  = 1;  # default is false: don't modify mail body
$defang_banned = 1;  # default is false: don't modify mail body
# $defang_bad_header     = 1;  # default is false: don't modify mail body
# $defang_undecipherable = 1;  # default is false: don't modify mail body
# $defang_spam = 1;  # default is false: don't modify mail body

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
					# (defaults to false)
#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone
$remove_existing_spam_headers  = 1;     # remove existing spam headers if
					# spam scanning is enabled (default)

# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking to only see
# MIME names and MIME content types, not the content classification types
# as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#
#$bypass_decode_parts = 1;		# (defaults to false)

# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file for a virus checker to see
# (lookup key is what file(1) utility returned):
#
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',
));


# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected, much like the way viruses are handled.
# Object $banned_filename_re provides a list of Perl regular expressions
# to be matched against each part's:
#[ .. ] configured per domain 

#
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
#

# [ .. ] much unused stuff

# @addr_extension_virus_maps  = ('virus');     # defaults to empty
# @addr_extension_spam_maps   = ('spam');      # defaults to empty
# @addr_extension_banned_maps = ('banned');    # defaults to empty
# @addr_extension_bad_header_maps = ('badh');  # defaults to empty
#
# A more complex example:
# @addr_extension_virus_maps = (
#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );

# Delimiter between local part of the recipient address and address extension
# (which can optionally be added, see @addr_extension_*_maps. E.g. recipient
# address <user@example.com> gets changed to <user+virus@example.com>.
#
# Delimiter must match the equivalent (final) MTA delimiter setting.
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
# Setting it to an empty string or to undef disables adding extensions
# regardless of $addr_extension_*_maps.

$recipient_delimiter = '+';		# (default is '+')

# true: replace extension;  false: append extension
# $replace_existing_extension = 1;	# (default is false)

# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0;	# (default is false)


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

# Instead of strongly black- or whitelisting, a softer approach is to add
# score points (penalties) to the SA score for mail from certain senders.
# Positive points lean towards blacklisting, negative towards whitelisting.
# This is much like adding SA rules or using its white/blacklisting, except
# that here only envelope sender addresses are considered (not addresses
# in a mail header), and that score points can be assigned per-recipient
# (or globally), and the assigned penalties are customarily much lower
# that the default SA white/blacklisting score.
#
# The table structure is similar to $per_recip_whitelist_sender_lookup_tables
# i.e. the first level key is recipient, pointing to by-sender lookup tables.
# The essential difference is that scores from _all_ by-recipient lookups
# (not just the first that matches) are summed to give the final score boost.
#
# NOTE: keep hash keys in lowercase, either manually or by using function lc

@score_sender_maps = ({  # a by-recipient hash lookup table

# # per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  # site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
     [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

   { # a hash-type lookup table (associative array)
      'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'bugtraq@securityfocus.com'              => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

   },
  ],  # end of site-wide tables
});


# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)
# (affects spam checking only, has no effect on virus and other checks)

# [ .. ] configured per domain
 

# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT

# [ .. ] unused 

#
# Section VI - Resource limits
#

# Sanity limit to the number of allowed recipients per SMTP transaction
# $smtpd_recipient_limit = 1000;  # (default is 1000)

# Resource limits to protect unpackers, decompressors and virus scanners
# against mail bombs (e.g. 42.zip)


# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14;		# (default is undef, no limit)

# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 5000;		# (default is undef, no limit)

# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
#
# Parameters to storage quota formula for unpacking/decoding/decompressing
#   Formula:
#     quota = max($MIN_EXPANSION_QUOTA,
#                 $mail_size*$MIN_EXPANSION_FACTOR,
#                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
#   In plain words (later condition overrules previous ones):
#     allow MAX_EXPANSION_FACTOR times initial mail size,
#     but not more than MAX_EXPANSION_QUOTA,
#     but not less than MIN_EXPANSION_FACTOR times initial mail size,
#     but never less than MIN_EXPANSION_QUOTA
#
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)

# expiration time of cached results: time to live in seconds
#   (how long the result of a virus/spam test remains valid)
$virus_check_negative_ttl=  3*60; # time to remember that mail was not infected
$virus_check_positive_ttl= 30*60; # time to remember that mail was infected
$spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
$spam_check_positive_ttl = 30*60; # time to remember that mail was spam

#
# Section VII - External programs, virus scanners
#

# Specify a path string, which is a colon-separated string of directories
# (no trailing slashes!) to be assigned to the environment variable PATH
# and to serve for locating external programs below.

# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
#       relative to the chroot directory specified;

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

# Specify one string or a search list of strings (first match wins).
# The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
# Optionally command arguments may be specified - only the first substring
# up to the whitespace is used for file searching.

$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip   = 'gzip';
$bzip2  = 'bzip2';
$lzop   = 'lzop';
$rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
$unrar      = ['rar', 'unrar'];  # both can extract, same options
$zoo    = 'zoo';
$lha    = 'lha';
$cpio   = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
                            # the options needed; the rest of us use cpio
$dspam  = 'dspam';

# SpamAssassin settings

# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
#
$sa_local_tests_only = 0;   # (default: false)
$sa_auto_whitelist = 1;    # turn on AWL (default: false)

$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
			    # (less than 1% of spam is > 64k)
			    # default: undef, no limitations

# default values, customarily used in the @spam_*_level_maps as the last entry
$sa_tag_level_deflt  = 5.3; # add spam info headers if at, or above that level;
			    # undef is interpreted as lower than any spam level
#$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
#=> configured per domain
$sa_kill_level_deflt = 100000; # triggers spam evasive actions
			    # at or above that level: bounce/reject/drop,
			    # quarantine, and adding mail address extension
#$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
                            # effectively turning D_BOUNCE into D_DISCARD;
                            # undef disables this feature and is a default;

# a quick reference:
#   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers,
#   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
#   kill_level controls 'evasive actions' (reject, quarantine, extensions);
# it only makes sense to maintain the relationship:
# tag_level <= tag2_level <= kill_level < dsn_cutoff_level

# string to prepend to Subject header field when message exceeds tag2 level
#$sa_spam_subject_tag = '***DWD-CSG: SPAM*** ';	# (defaults to undef, disabled)
			     # (only seen when spam is not to be rejected
			     # and recipient is in local_domains*)

#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
#=> configured per domain

# Example: modify Subject for all local recipients except user@example.com
#$sa_spam_modifies_subj = [qw( !user@example.com . )];

#$sa_spam_level_char = '*';  # char for X-Spam-Level bar, defaults to '*';
			     # undef disables inserting X-Spam-Level header
#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false

# stop anti-virus scanning when the first scanner detects a virus?
#$first_infected_stops_scan = 1;  # default is false, all scanners are called

# @av_scanners is a list of n-tuples, where fields semantics is:
#  1. av scanner plain name, to be used in log and reports;
#  2. scanner program name; this string will be submitted to subroutine
#     find_external_programs(), which will try to find the full program
#     path name; if program is not found, this scanner is disabled.
#     Besides a simple string (full program path name or just the basename
#     to be looked for in PATH), this may be an array ref of alternative
#     program names or full paths - the first match in the list will be used;
#     As a special case for more complex scanners, this field may be
#     a subroutine reference, and the whole n-tuple is passed to it as args.
#  3. command arguments to be given to the scanner program;
#     a substring {} will be replaced by the directory name to be scanned,
#     i.e. "$tempdir/parts", a "*" will be replaced by file names of parts;
#  4. an array ref of av scanner exit status values, or a regexp (to be
#     matched against scanner output), indicating NO VIRUSES found;
#  5. an array ref of av scanner exit status values, or a regexp (to be
#     matched against scanner output), indicating VIRUSES WERE FOUND;
#     Note: the virus match prevails over a 'not found' match, so it is safe
#     even if the no. 4. matches for viruses too;
#  6. a regexp (to be matched against scanner output), returning a list
#     of virus names found.
#  7. and 8.: (optional) subroutines to be executed before and after scanner
#     (e.g. to set environment or current directory);
#     see examples for these at KasperskyLab AVP and Sophos sweep.

# NOTES:
#
# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
#   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
#   (which can be handy if all you want to do is spam scanning);
#
# - the order matters: although _all_ available entries from the list are
#   always tried regardless of their verdict, scanners are run in the order
#   specified: the report from the first one detecting a virus will be used
#   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
#
# - it doesn't hurt to keep an unused command line scanner entry in the list
#   if the program can not be found; the path search is only performed once
#   during the program startup;
#
#   COROLLARY: to disable a scanner that _does_ exist on your system,
#   comment out its entry or use undef or '' as its program name/path
#   (second parameter). An example where this is almost a must: disable
#   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
#   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
#   program happens to have a name matching one of the entries ('sweep'
#   again comes to mind);
#
# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
#   for interfacing (where the second parameter starts with \&).
#   Keeping such entry and not having a corresponding virus scanner daemon
#   causes an unnecessary connection attempt (which eventually times out,
#   but it wastes precious time). For this reason the daemonized entries
#   are commented in the distribution - just remove the '#' where needed.
#
# CERT list of av resources: http://www.cert.org/other_sources/viruses.html

@av_scanners = (

# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamav/clamd.ctl'],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd;  match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN (Perl modules)
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],

# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
#   \&ask_daemon,
#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
#      '127.0.0.1:10203','127.0.0.1:10204'] ],
#   qr/(?i)<summary[^>]*>clean<\/summary>/,
#   qr/(?i)<summary[^>]*>infected<\/summary>/,
#   qr/(?i)<name>(.+)<\/name>/ ],
#
#  ['KasperskyLab AVP - aveclient',
#    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
#     '/opt/kav/bin/aveclient','aveclient'],
#    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
#    qr/(?:INFECTED|SUSPICION) (.+)/,
#  ],

#  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
#    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
#    qr/infected: (.+)/,
#    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
#    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
#  ],

  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    #   directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

  ### http://www.hbedv.com/ or http://www.centralcommand.com/
  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
    # NOTE: check options and patterns to see which entry better applies

  ### http://www.sald.com/, http://drweb.imshop.de/
  ['drweb - DrWeb Antivirus',
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
#   [pack('N',1).  # DRWEBD_SCAN_CMD
#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#    pack('N',     # path length
#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
#    '{}/*'.       # path
#    pack('N',0).  # content size
#    pack('N',0),
#    '/var/drweb/run/drwebd.sock',
#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
#  # '127.0.0.1:3000',                    # or over an inet socket
#   ],
#   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
#   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
# ],
# # NOTE: If you are using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

  ### http://www.f-secure.com/products/anti-virus/
  ['F-Secure Antivirus', 'fsav',
    '--dumb --mime --archive {}', [0], [3,8],
    qr/(?:infection|Infected|Suspected): (.+)/ ],

  ['CAI InoculateIT', 'inocucmd',
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],

  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ], 

  ['MkS_Vir daemon',
    'mksscan', '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32', 'nod32',
    '-all -subdir+ {}', [0], [1,2],
    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
    '-a -r -d recurse --heur standard {}', [0], [10,11],
    qr/^\S+\s+infected:\s+(.+)/ ],

# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
# ['ESET Software NOD32 Client/Server (NOD32SS)',
#   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
#   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],

  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u {}', [0], [1],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ### http://www.pandasoftware.com/
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ .]*: 0(?!\d)/,
    qr/Number of files infected[ .]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

# ### http://www.pandasoftware.com/
# ['Panda Antivirus for Linux', ['pavcl'],
#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
#   qr/Found virus :\s*(\S+)/ ],

# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
# # NOTE: the command line switches changed with scan engine 8.5 !
# # (btw, assigning stdin to /dev/null causes RAV to fail)

  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
        :\ (.+)\ NOT\ a\ virus)/,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    # VirusBuster Ltd. does not support the daemon version for the workstation 
    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
    # binaries, some parameters AND return codes (from 3 to 1) changed.
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],

# ### http://www.virusbuster.hu/en/
# ['VirusBuster (Client + Daemon)', 'vbengd',
#   # HINT: for an infected file it returns always 3,
#   # although the man-page tells a different story
#   '-f -log scandir {}', [0], [3],
#   qr/Virus found = (.*);/ ],

  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],

  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
    '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

);

# If no virus scanners from the @av_scanners list produce 'clean' nor
# 'infected' status (e.g. they all fail to run or the list is empty),
# then _all_ scanners from the @av_scanners_backup list are tried.
# When there are both daemonized and command-line scanners available,
# it is customary to place slower command-line scanners in the
# @av_scanners_backup list. The default choice is somewhat arbitrary,
# move entries from one list to another as desired.

@av_scanners_backup = (

  ### http://www.clamav.net/
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/
#  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
#    '-dumb -archive -packed {}', [0,8], [3,6],
#    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

# Commented out because the name 'sweep' clashes with the Debian package of
# the same name. Make sure the correct sweep is found in the path when enabling
#
# ### http://www.sophos.com/
# ['Sophos Anti Virus (sweep)', 'sweep',
#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
#   [0,2], qr/Virus .*? found/,
#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# ['always-clean', sub {0}],

);


#
# Section VIII - Debugging
#

# The most useful debugging tool is to run amavisd-new non-detached
# from a terminal window:  # amavisd debug

# Some more refined approaches:

# If sender matches ACL, turn debugging fully up, just for this one message
#@debug_sender_acl = ( "test-sender\@$mydomain" );
#@debug_sender_acl = qw( debug@example.com );

# May be useful along with @debug_sender_acl:
# Prevent all decoded originals being deleted (replaced by decoded part)
#$keep_decoded_original_re = new_RE( qr/.*/ );

# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
$sa_debug = 9;            # defaults to false


#
# Section IX - Policy banks (dynamic policy switching)
#

## Define some policy banks (sets of settings) and give them
## arbitrary names (the '' and 'MYNETS' have special meaning):
#
# $policy_bank{'ALT'} = {
#   log_level => 3,
#   inet_acl => [qw( 10.0.1.14 )],
#   final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
#   forward_method => 'smtp:*:*',
#   notify_method  => 'smtp:[127.0.0.1]:10025',
#   virus_admin_maps => "abuse\@$mydomain",
#   spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]],
#   spam_tag_level_maps  => 2.1,
#   spam_tag2_level_maps => 6.32,
#   spam_kill_level_maps => 6.72,
#   spam_dsn_cutoff_level_maps => 9,
#   defang_spam => 1,
#   localhost_name => 'amavis.example.com',
#   smtpd_greeting_banner =>
#     '${helo-name} ${protocol} amavisd-new TEST service ready',
#   auth_required_inp  => 0,
#   auth_supported_out => 1,
#   auth_mech_avail => [qw(PLAIN LOGIN)],
#   av_scanners => [  # give them only 'free' scanners
#     ['ClamAV-clamd',
#       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#       qr/\bOK$/, qr/\bFOUND$/,
#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
#     ],
#   ],
#   av_scanners_backup => [
#     ['ClamAV-clamscan', 'clamscan',
#       "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
#     ],
#   ],
# };
#

#for all outgoing mails 

# $policy_bank{'outgoing'} = {
#    X_HEADER_TAG => 'X-Virus-Scanned',
#    X_HEADER_LINE => "by amavisd-new at lists.debian.org",
#    bypass_spam_checks_maps   => [1],
#    bypass_banned_checks_maps => [1],
#    mydomain => 'lists.debian.org',
#};

## the name 'MYNETS' has special semantics: this policy bank gets loaded
## whenever MTA supplies a SMTP client IP address (Postfix XFORWARD extension
## or a new AM.PDP protocol) and that address matches the @mynetworks list.
#

## Now we can assign policy banks to amavisd tcp port numbers listed in
## $inet_socket_port. Whenever the connection from MTA is received, first
## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in
## all the global/legacy settings, then it gets overlaid by the bank
## named in the $interface_policy{$port} if any, and finally the bank
## 'MYNETS' is overlaid if it exists and the SMTP client IP address
## is known (by XFORWARD command from MTA) and it matches @mynetworks.

# $interface_policy{'10026'} = 'ALT';
# $interface_policy{'9998'} = 'AM.PDP';



$interface_policy{'61000'} = 'pb_playground';

#-------------
if ( -r "/etc/amavis/amavis-common.conf.local" ) {
    do '/etc/amavis/amavis-common.conf.local';
}

sub do_or_die { 
	my $f = shift; 
	my $bank = $f;
	$bank =~ s/^.*pb_(.*)\.conf/$1/;
	open (my $c, $f) or die "Can't read $f";
	my $code = join ('', <$c>);
	$code =~ /^(.*)$/sm;
	$code = $1;
	eval $code or die "Can't evaluate $f";
	close $c;
}
do_or_die ($_) foreach (glob ("/var/list/.etc/dot-amavis/pb_*.conf"));


1;  # insure a defined return
